github
html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/880#issuecomment-691558387 | https://api.github.com/repos/simonw/datasette/issues/880 | 691558387 | MDEyOklzc3VlQ29tbWVudDY5MTU1ODM4Nw== | 9599 | 2020-09-12T22:04:48Z | 2020-09-12T22:04:48Z | OWNER | Is it safe to skip CSRF checks if the incoming request has `Accept: application/json` on it? I'm not sure that matters since `asgi-csrf` already won't reject requests that either have no cookies or are using a `Authorization: Bearer ...` header. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
648637666 | |
https://github.com/simonw/datasette/issues/880#issuecomment-691557675 | https://api.github.com/repos/simonw/datasette/issues/880 | 691557675 | MDEyOklzc3VlQ29tbWVudDY5MTU1NzY3NQ== | 9599 | 2020-09-12T22:01:02Z | 2020-09-12T22:01:11Z | OWNER | Maybe POST to `.json` doesn't actually make sense. I could instead support `POST /db/queryname` with an optional mechanism for requesting that the response to that POST be in a JSON format. Could be a `Accept: application/json` header with an option of including `"_accept": "json"` as a POST parameter instead. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
648637666 | |
https://github.com/simonw/datasette/issues/880#issuecomment-691557429 | https://api.github.com/repos/simonw/datasette/issues/880 | 691557429 | MDEyOklzc3VlQ29tbWVudDY5MTU1NzQyOQ== | 9599 | 2020-09-12T21:59:39Z | 2020-09-12T21:59:39Z | OWNER | What should happen when something does a POST to an extension that was registered by a plugin, e.g. `POST /db/table.atom` ? | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
648637666 |